Components of a Cyber Security Program

Cyber Security Governance

The Information Security Officer (ISO) provides guidance and support for the overall Information Security Portfolio. The ISO establishes the Security Lifecycle through the development and management of agency-wide governance. The ISO facilitates the lifecycle of Security Operations, Risk Management and Security Architecture through a number of activities and repeatable processes.

Threat Identification

The purpose of your Security Operations Center (SOC) is to identify threats to Information Security. As threats are identified, they should be provided to Risk Management for analysis. Threats can be identified through a number of mechanisms, including:

Intrusion Detection and Prevention Technologies

Notices from organizations such as the Multi-State Information Sharing and Analysis Center

Risk Management

The purpose of your Risk Management Program is to quantify the risks identified by your Security Operations Center. As risks are quantified and prioritized, they should be provided to the security architects so that security controls can be established or configured to mitigate the identified risks. The risks posed by threats can be managed through a number of strategies, including:

Cataloging the Risk - Establish a Risk Register

Quantifying the Risk - Determine if vulnerabilities exist which can be exploited by the threats identified

Measuring the Risk - Identify the impacts of realized risks

Communicating the Risk - Convey prioritized risks to architects so that a solution can be established

Risk Mitigation

Risks are provided to Security Architects, who implement or configure security controls to mitigate the identified risks. As risks are mitigated, security architects should inform the Security Operations team how to monitor for them, to ensure that they are not realized. The following process steps can be used to mitigate risk:

Determine how the risk results in exploitation of a vulnerability.

Determine if there are existing security controls which can mitigate exploitation.

Implement or re-configure the security control to mitigate the risk.

Develop a mechanism to identify whether the risk is being realized, and a solution for monitoring for this risk.

Security controls are implemented across the infrastructure to mitigate the various risks that are presented. As risks are presented by your Risk Management Program, your architects should be working to implement solutions to mitigate them. NIST SP 800-53, "Security and Privacy Controls for Federal Information Systems and Organizations," provides a catalogue of security controls that can be used to identify mitigation strategies.

National Cybersecurity Workforce Framework

NICE developed the National Cybersecurity Workforce Framework (the Framework) to codify cybersecurity work and to identify the specialty areas of cybersecurity professionals.

The Framework establishes:

A common taxonomy and lexicon for cyber security workers that organizes cyber security into 31 specialty areas within 7 categories.

Specialty areas responsible for specialized denial and deception operations and collection of cyber security information that may be used to develop intelligence.

Analyze

Specialty area responsible for highly specialized review and evaluation of incoming cyber security information to determine its usefulness for intelligence.

Oversight and Development

Specialty areas that provide leadership, management, direction, and/or development and advocacy so that individuals and organizations may effectively conduct cyber security work.

The Framework organizes cyber security work into 31 specialty areas within 7 categories. Each specialty area represents an area of concentrated work, or function, within cybersecurity. Below are the 7 categories (in bold), with their corresponding specialty areas.